Software Downloads

Redline ®

Accelerated Live Response

Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile. With Redline, users can:

Perform Indicator of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.

In addition, users of FireEye’s Endpoint Threat Prevention Platform (HX) can open triage collections directly in Redline in order to perform in-depth analysis allowing the user to establish a timeline and the scope of an incident.

Redline 1.14 includes several enhancements specific to HX customers. This release adds visualization of, and filtering by, the alerts that caused a triage package to be collected. It also adds the ability to analyze the URL activity and process events that the latest version of HX now collects.

A set of hashes from common (known good) executable files, used by Redline 1.6 (and newer) to filter out some of the memory analysis entries. It includes known good DLL and executable hashes from the Microsoft Windows Server Update Service and the National Software Reference Library.

The product ships with a small subset of these hashes; this file contains a more extensive list.

To use it, download the attached file to a location of your choice on the same host that Redline is installed on. Verify the MD5/SHA1 hashes to ensure you have the correct file. Start Redline. In the Options->Whitelist Management screen, there is an option to import a new whitelist. Importing completely replaces the previous whitelist in Redline, so the old whitelist is lost. If you want to keep it, save the old whitelist first, also from Whitelist Management under Redline Options.
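Added example, not Redline's own code or whitelist file format: a small Python script that mirrors the two steps above, checking a downloaded file against its published MD5/SHA1 digests before use and then filtering memory-analysis entries against a known-good hash whitelist. The one-hash-per-line layout, the sample hashes and the module entries are constructed assumptions.

```python
import hashlib
from pathlib import Path

# Constructed sample whitelist. The layout assumed here is one hex MD5 per
# line with '#' comments; the real Redline file layout is not described on
# the page, so the parser is illustrative only.
SAMPLE_WHITELIST = """\
# known-good module hashes (constructed sample values)
d41d8cd98f00b204e9800998ecf8427e
0CC175B9C0F1B6A831C399E269772661
"""

# Constructed memory-analysis entries as (module path, md5) pairs.
SAMPLE_ENTRIES = [
    (r"C:\Windows\System32\kernel32.dll", "d41d8cd98f00b204e9800998ecf8427e"),
    (r"C:\Windows\System32\ntdll.dll", "0cc175b9c0f1b6a831c399e269772661"),
    (r"C:\Users\Public\svchost.dll", "900150983cd24fb0d6963f7d28e17f72"),
]


def digests_match(data, expected_md5, expected_sha1):
    """Return True only if BOTH published digests match the file contents.

    A mismatch on either digest means the download is not the intended file
    and must not be imported.
    """
    md5_ok = hashlib.md5(data).hexdigest() == expected_md5.lower()
    sha1_ok = hashlib.sha1(data).hexdigest() == expected_sha1.lower()
    return md5_ok and sha1_ok


def verify_download(path, expected_md5, expected_sha1):
    """Read the downloaded whitelist file and check it against its digests."""
    return digests_match(Path(path).read_bytes(), expected_md5, expected_sha1)


def parse_whitelist(text):
    """Parse known-good hashes into a set, normalised to lowercase hex."""
    hashes = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            hashes.add(line.lower())
    return hashes


def filter_entries(entries, whitelist):
    """Drop entries whose hash is known good; return the rest for review.

    Comparison is case-insensitive so mixed-case hashes still match.
    """
    return [(p, h) for p, h in entries if h.lower() not in whitelist]
```

Running `filter_entries(SAMPLE_ENTRIES, parse_whitelist(SAMPLE_WHITELIST))` leaves only the unknown module under `C:\Users\Public`, which is the kind of entry that remains for the analyst after whitelisting.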

Community Resources

M-Unition™ Blog

2014 brought about a multitude of high-profile breaches, critical vulnerabilities, and newly-discovered threat groups. Has this exposure and awareness changed the way companies are approaching security, incident detection, and containment and response? How will targeted attacks continue to evolve? I sat down with Ryan Kazanciyan, Technical Director at Mandiant, to learn more about what we can expect in 2015.